[PATCH 1/2 v2] ALSA: control - double free in snd_ctl_led_init()
Jaroslav Kysela
perex at perex.cz
Fri Apr 9 15:12:25 CEST 2021
Dne 09. 04. 21 v 14:34 Dan Carpenter napsal(a):
> "group - 1" was intended here instead of "group". The current error
> handling will double free the first item in the array and leak the last
> item.
>
> Fixes: cb17fe0045aa ("ALSA: control - add sysfs support to the LED trigger module")
> Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
Reviewed-by: Jaroslav Kysela <perex at perex.cz>
> ---
> v2: The first patch wasn't right. It fixed the leak but left the double
> free.
>
> sound/core/control_led.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/sound/core/control_led.c b/sound/core/control_led.c
> index d756a52e58db..93b201063c7d 100644
> --- a/sound/core/control_led.c
> +++ b/sound/core/control_led.c
> @@ -734,7 +734,7 @@ static int __init snd_ctl_led_init(void)
> if (device_add(&led->dev)) {
> put_device(&led->dev);
> for (; group > 0; group--) {
> - led = &snd_ctl_leds[group];
> + led = &snd_ctl_leds[group - 1];
> device_del(&led->dev);
> }
> device_del(&snd_ctl_led_dev);
>
--
Jaroslav Kysela <perex at perex.cz>
Linux Sound Maintainer; ALSA Project; Red Hat, Inc.
More information about the Alsa-devel
mailing list